Apparently it's a URL shortener. It resolves just fine in Chrome and Firefox. How is this a valid top-level domain?

Update: for the people saying it's browser shenanigans, why is it that: http://com./ does not take me to: http://www.com/?

And, do browsers ever send you a response from some place other than what's actually up in the address bar? Aside from framesets and things like that, I thought browsers tried really hard to send you content only from the site in the address bar, to help guard against phishing.

Seems like these days general availability of bandwidth is increasing disproportionately with slashdot's readership...
–
ChrisDec 3 '09 at 19:11

Also note that http://to. yields a different website than http://www.to. (the latter being the same as http://www.to). If one is seeing the same for the two URLs then the browser is indeed messing up, and is probably showing www.to for both...
–
ArjanDec 13 '09 at 17:16

1

I just noticed today that to no longer works. Sad face. One that does still work is ac but that just serves the [nic.as][1] website. [1]: nic.ac
–
MarcelApr 8 '11 at 23:03

22 Answers
22

Basically, someone has managed to convince the owners of the ccTLD 'to.' (Tonga?) to assign the A record to their own IP address. Quite a coup in the strange old world of URL shorteners.

Normally these top-levels would not have IP addresses assigned via a standard A record, but there is nothing to say that the same could not be done to .uk, .com, .eu, etc.

Strictly speaking there is no reason to have the '.' specified, though it should prevent your browser from trying other combinations like 'to.yourdomain.com' first, and speed up the resolution of the address. It might also confuse browsers, as there is no dot, but Safari at least seems to work ok with it.

Any DNS zone can have any DNS record for that zone itself (in a bind configuration file, this record is labeled with an @). Actually -- let me ask this -- can the root zone have an @ to describe itself? IE can @ have an address record? I don't see why it couldn't. that would be a cool address to have. "http://./"

The "Root" zone is simply a zone named ".". At the moment, that zone has a bunch of name servers. The addresses of these name servers are distributed as a text file. This text file or something similar is manually entered into many typical recursive name servers.

Placing a "." at the end of a name tells your local resolver that the name you have entered a "fully qualified" domain name, meaning it is exactly and only the name you wish to look up. Often, we use unqualified or otherwise ambiguous names such as "www" to mean "www.of.the.place.I.work" where your local DNS resolver has "of.the.place.I.work" as the "dns domain" or "search domain".

These root level domain servers have a list of "top level" domains which map roughly to old abstractions of how researchers in the 80s thought the internet would be used and countries, and a top level domain for "infrastructure". Each of these top level domains has a bunch of name servers that have lists of actual zones in that domain, so a request for maps.google.com first goes to a root level server which passes out a list of name servers that know about .com, and when asked, one of those knows about which name server has records for google.com, and one of those knows the specific record for www.google.com.

So, all you need to do is convince whoever runs the TLD for a country or organization to put in an address record for .zone instead of just google.zone and you're golden.

At present, the following top level domains have address records (not all run web servers, though)

So, in theory, you could send email to pope@va. and it will be delivered properly...

If you use different root servers, you will wind up with a different view of what exists on the internet. All the local resolutions I did were against my local system which is using "dnscache" which goes directly to the root servers. Many other resolving DNS servers will ask another local DNS server instead of asking the root servers.

Looks like tt just has two MX records, nothing to wonder about. If the first fails it will kick into the second...
–
Tom WijsmanApr 12 '12 at 13:56

2

no -- what I find odd about that is that at the time I did that lookup tt was returning someone's home computer. rr.com is roadrunner, an end-user ISP. Maybe they also offer other services, but still a bit wacky to have an MX pointing to an rr.com address.
–
chrisApr 19 '12 at 20:06

@chris Do you mean that a TLD can have no associated IP?
–
PacerierJul 17 '12 at 14:04

How it's not? There isn't any limitation for the minimum "sections" a domain should have. It's a ccTLD for Tonga like us, eu, uk, me, .... The following dot means it's a subdomain of the root domain. In fact, xyz.com is really xyz.com..

Basically, what they have done is simply adding an A record pointing to a Web server. They own the nameserver responsible for answering queries for to. and all its subdomains so they can do that easily.

PS: Based on the content of this thread, I'm absolutely convinced that the software used by some Internet operators (ISPs, ...) does not follow specs correctly and just happens to follow conventions. This is probably why the domain is broken for many people.

It is rare that a top level domain has an A record, but it's perfectly legitimate. Think how you can have "www.foo.com" and "foo.com" have different records, and apply that all the way down to the Tongan ccTLD, .to.

Looks like someone bought the whole .to. TLD http://en.wikipedia.org/wiki/.to as Mehrdad said you can then add an A Record. I think they're just adding the . to the end of www.to. to make sure that what ever is looking up the address searches at the root of the tld. the . on the end of all domains should be implied anyway what I don't get is why does serverfault.com. return a 400 Bad Request?

Chris: IIS doesn't like serving something good when it sees Host: serverfault.com.. I cannot find anything in the HTTP specification that limits Host header value from containing . at the end. I guess it's a bug in IIS; it does not conform to the specification.
–
LeakyCodeDec 3 '09 at 19:03

The DNS specification also permits a trailing period to be used to denote the root, e.g., "a.b.c" and "a.b.c." are equivalent, but the latter is more explicit and is required to be accepted by applications. This convention is especially important when a TLD name is being referred to directly. For example, while ".COM" has become the popular terminology for referring to that top-level domain, "COM." would be strictly and technically correct in talking about the DNS, since it shows that "COM" is a top-level domain name.

Any chance it may have something to do with OpenDNS. On my home computer using OpenDNS nslookup returns an IP address. On my work computers through the VPN to does not resolve and http://to./ does nothing.

It could be a bug with OpenDNS...this seems to be acting similar to their shortcut functionality, where you enter something like 'mail' as the shortcut and 'http://webmail.mydomain.com' as the website, and when you enter 'mail' from your defined network it takes you to 'http://webmail.mydomain.com'. Possibly someone defined their network as 0.0.0.0 and created 'to' as a shortcut? If that's the case it would be a huge opportunity to exploit OpenDNS users!

or of course just w.to for an 2 extra vowels in your tweet
–
SimonDec 4 '09 at 2:49

Just because someone else already registered that go second-level domain. (I guess that's also why bit.ly is being used; it was probably one of the few short domain names that is kind of easy to remember, and available?)
–
ArjanDec 13 '09 at 17:52

(And as an aside: http://www.to is not the same site as http://to)
–
ArjanMar 28 '10 at 21:27

So the question is why wouldn't it work. And the answer is that after Verisign decided to introduce a wildcard into the .com. zone a few years back, the developers of bind introduced the concept of a 'delegation-only' zone. In a delegation-only zone, any A records which aren't inferior glue for an NS record will not be accepted by the resolver and the client will get back an NXDOMAIN.

So while from a strict protocol viewpoint it's okay for the "to." DNS name to have an A record, in practice it won't work for customers of some ISPs.

You might put:

zone "com." { type delegation-only; };

in your named.conf to turn this on just for the .com. domain, or you might turn it on for all of the TLDs but exclude some of them by adding to the options{} block something like:

root-delegation-only exclude { "de"; "to"; };

etc. There's a long list of "accepted" domains here which are commonly allowed, such as "to", but depending on how BOFHish you're feeling, you might limit this more.

So the extra dot is normally left out, but isn't left out in this case so as not to confuse the web browser?
–
MJeffryesDec 3 '09 at 18:17

5

The trailing dot tells the web browser to not-add .com. If you just put http://to, your browser changes that to http://www.to.com, but if you use http://to. then the web browser changes that to http://www.to
–
Drew StephensDec 3 '09 at 18:23

Chrome takes me from to to that same site (to.)
–
Assaf LavieDec 3 '09 at 18:49

This is actually correct. This has nothing to do with browsers, "to" is a valid host name.
–
Mark RenoufDec 3 '09 at 19:36

On my computer, to. (www.to. and www.to) and to. (to.) yield different pages, and use different IP addresses. I guess "www" has truly been registered as a second-level domain by someone else.
–
ArjanDec 10 '09 at 9:26

The IP addresses are different as well: 216.74.32.103 versus 74.54.218.210 today.

So: if one is seeing the same for the two URLs then the browser is indeed messing up, and is probably showing www.to for both.

†http://www.to./ probably does not need the trailing dot to tell browsers not to try anything fancy, and hence is the same as http://www.to, in which www probably has been registered as a second-level domain by some unrelated other company.